introduction 1 2 v4.1 ruggedcom ros 3 4 5 6€¦ · ruggedcom ros v4.1 user guide for rp110 12/2014...
TRANSCRIPT
-
RUGGEDCOM ROSv4.1
User Guide
For RP110
12/2014
Preface
Introduction 1
Using ROS 2
Device Management 3
System Administration 4
Setup and Configuration 5
Troubleshooting 6
RC1106-EN-01
-
RUGGEDCOM ROSUser Guide
ii
Copyright © 2014 Siemens Canada Ltd.
All rights reserved. Dissemination or reproduction of this document, or evaluation and communication of its contents, is not authorizedexcept where expressly permitted. Violations are liable for damages. All rights reserved, particularly for the purposes of patent application ortrademark registration.
This document contains proprietary information, which is protected by copyright. All rights are reserved. No part of this document may bephotocopied, reproduced or translated to another language without the prior written consent of Siemens Canada Ltd..
Disclaimer Of LiabilitySiemens has verified the contents of this manual against the hardware and/or software described. However, deviations between the productand the documentation may exist.
Siemens shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing,performance, or use of this material.
The information given in this document is reviewed regularly and any necessary corrections will be included in subsequent editions. Weappreciate any suggested improvements. We reserve the right to make technical improvements without notice.
Registered TrademarksROX™, Rugged Operating System On Linux™, CrossBow™ and ELAN™ are trademarks of Siemens Canada Ltd. . ROS® is a registeredtrademark of Siemens Canada Ltd..
Other designations in this manual might be trademarks whose use by third parties for their own purposes would infringe the rights of theowner.
Third Party CopyrightsSiemens recognizes the following third party copyrights:
• Copyright © 2004 GoAhead Software, Inc. All Rights Reserved.
Security InformationSiemens provides products and solutions with industrial security functions that support the secure operation of plants, machines, equipmentand/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens ’ products and solutionsundergo continuous development. Siemens recommends strongly that you regularly check for product updates.
For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept)and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should alsobe considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity.
To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit http://support.automation.siemens.com.
WarrantyRefer to the License Agreement for the applicable warranty terms and conditions, if any.
For warranty details, visit www.siemens.com/ruggedcom or contact a Siemens customer service representative.
Contacting SiemensAddressSiemens Canada Ltd.Industry Sector300 Applewood CrescentConcord, OntarioCanada, L4K 5C7
TelephoneToll-free: 1 888 264 0006Tel: +1 905 856 5288Fax: +1 905 856 1995
Webwww.siemens.com/ruggedcom
http://www.siemens.com/industrialsecurityhttp://support.automation.siemens.comhttp://support.automation.siemens.comhttp://www.siemens.com/ruggedcommailto:[email protected]://www.siemens.com/ruggedcom
-
RUGGEDCOM ROSUser Guide
Table of Contents
iii
Table of ContentsPreface ................................................................................................................ ix
Conventions ....................................................................................................................................... ixAlerts ......................................................................................................................................... ixCLI Command Syntax ................................................................................................................. x
Related Documents ............................................................................................................................. xSystem Requirements ......................................................................................................................... xAccessing Documentation ................................................................................................................... xiTraining .............................................................................................................................................. xiCustomer Support .............................................................................................................................. xi
Chapter 1
Introduction .......................................................................................................... 11.1 Overview ..................................................................................................................................... 11.2 Security Recommendations and Considerations ............................................................................. 2
1.2.1 Security Recommendations ................................................................................................ 21.2.2 Key Files .......................................................................................................................... 3
1.2.2.1 SSL Certificates ...................................................................................................... 41.2.2.2 SSH Key Pairs ....................................................................................................... 5
1.3 Available Services by Port ............................................................................................................ 61.4 SNMP Management Interface Base (MIB) Support ......................................................................... 9
1.4.1 Supported Standard MIBs .................................................................................................. 91.4.2 Supported Proprietary RUGGEDCOM MIBs ...................................................................... 101.4.3 Supported Agent Capabilities ........................................................................................... 10
1.5 SNMP Traps .............................................................................................................................. 111.6 ModBus Management Support .................................................................................................... 12
1.6.1 ModBus Function Codes .................................................................................................. 131.6.2 ModBus Memory Map ...................................................................................................... 141.6.3 ModBus Memory Formats ................................................................................................ 19
1.6.3.1 Text ...................................................................................................................... 191.6.3.2 Cmd ..................................................................................................................... 191.6.3.3 Uint16 .................................................................................................................. 201.6.3.4 Uint32 .................................................................................................................. 201.6.3.5 PortCmd ............................................................................................................... 201.6.3.6 Alarm ................................................................................................................... 211.6.3.7 PSStatusCmd ....................................................................................................... 21
-
Table of Contents
RUGGEDCOM ROSUser Guide
iv
1.6.3.8 TruthValues .......................................................................................................... 221.7 Certificate and Key Requirements ............................................................................................... 22
Chapter 2
Using ROS ......................................................................................................... 252.1 Connecting to ROS .................................................................................................................... 25
2.1.1 Connecting Directly .......................................................................................................... 252.1.2 Connecting via the Network ............................................................................................. 26
2.2 Logging In ................................................................................................................................. 272.3 Logging Out ............................................................................................................................... 282.4 Using the Web Interface ............................................................................................................. 282.5 Using the Console Interface ........................................................................................................ 302.6 Using the Command Line Interface ............................................................................................. 32
2.6.1 Available CLI Commands ................................................................................................. 322.6.2 Tracing Events ................................................................................................................ 352.6.3 Executing Commands Remotely via RSH .......................................................................... 362.6.4 Using SQL Commands .................................................................................................... 36
2.6.4.1 Finding the Correct Table ...................................................................................... 372.6.4.2 Retrieving Information ........................................................................................... 372.6.4.3 Changing Values in a Table ................................................................................... 392.6.4.4 Resetting a Table .................................................................................................. 392.6.4.5 Using RSH and SQL ............................................................................................. 39
2.7 Selecting Ports in ROS ............................................................................................................... 402.8 Managing the Flash File System ................................................................................................. 40
2.8.1 Viewing a List of Flash Files ............................................................................................ 402.8.2 Viewing Flash File Details ................................................................................................ 412.8.3 Defragmenting the Flash File System ............................................................................... 41
Chapter 3
Device Management .......................................................................................... 433.1 Viewing Product Information ....................................................................................................... 433.2 Viewing CPU Diagnostics ........................................................................................................... 453.3 Restoring Factory Defaults .......................................................................................................... 463.4 Configuring an IP Interface ......................................................................................................... 473.5 Uploading/Downloading Files ...................................................................................................... 47
3.5.1 Uploading/Downloading Files Using XMODEM .................................................................. 483.5.2 Uploading/Downloading Files Using a TFTP Client ............................................................ 493.5.3 Uploading/Downloading Files Using a TFTP Server ........................................................... 503.5.4 Uploading/Downloading Files Using an SFTP Server ......................................................... 50
3.6 Managing Logs .......................................................................................................................... 513.6.1 Viewing Local Logs ......................................................................................................... 51
-
RUGGEDCOM ROSUser Guide
Table of Contents
v
3.6.2 Clearing Local Logs ......................................................................................................... 523.6.3 Configuring the Local System Log .................................................................................... 523.6.4 Managing Remote Logging .............................................................................................. 53
3.6.4.1 Configuring the Remote Syslog Client .................................................................... 533.6.4.2 Viewing a List of Remote Syslog Servers ............................................................... 543.6.4.3 Adding a Remote Syslog Server ............................................................................ 543.6.4.4 Deleting a Remote Syslog Server .......................................................................... 56
3.7 Managing IP Gateways .............................................................................................................. 573.7.1 Viewing a List of IP Gateways .......................................................................................... 573.7.2 Adding an IP Gateway ..................................................................................................... 573.7.3 Deleting an IP Gateway ................................................................................................... 59
3.8 Configuring IP Services .............................................................................................................. 593.9 Upgrading/Downgrading Firmware ............................................................................................... 61
3.9.1 Upgrading Firmware ........................................................................................................ 613.9.2 Downgrading Firmware .................................................................................................... 61
3.10 Resetting the Device ................................................................................................................ 623.11 Decommissioning the Device ..................................................................................................... 63
Chapter 4
System Administration ....................................................................................... 654.1 Configuring the System Information ............................................................................................. 654.2 Customizing the Login Screen .................................................................................................... 664.3 Configuring Passwords ............................................................................................................... 664.4 Managing Alarms ....................................................................................................................... 69
4.4.1 Viewing a List of Pre-Configured Alarms ........................................................................... 694.4.2 Viewing and Clearing Latched Alarms ............................................................................... 704.4.3 Configuring an Alarm ....................................................................................................... 714.4.4 Authentication Related Security Alarms ............................................................................. 74
4.4.4.1 Security Alarms for Login Authentication ................................................................ 744.4.4.2 Security Messages for Port Authentication .............................................................. 76
4.5 Managing the Configuration File .................................................................................................. 774.5.1 Configuring Data Encryption ............................................................................................. 774.5.2 Updating the Configuration File ........................................................................................ 78
4.6 Managing an Authentication Server ............................................................................................. 794.6.1 Managing RADIUS Authentication .................................................................................... 79
4.6.1.1 Configuring the RADIUS Server ............................................................................. 804.6.1.2 Configuring the RADIUS Client .............................................................................. 80
4.6.2 Managing TACACS+ Authentication .................................................................................. 824.6.2.1 Configuring TACACS+ ........................................................................................... 824.6.2.2 Configuring User Priviliges .................................................................................... 83
-
Table of Contents
RUGGEDCOM ROSUser Guide
vi
Chapter 5
Setup and Configuration .................................................................................... 855.1 Configuring the DHCP Relay Agent ............................................................................................. 855.2 Managing Time Services ............................................................................................................ 86
5.2.1 Configuring the Time and Date ......................................................................................... 875.2.2 Configuring IRIG-B .......................................................................................................... 885.2.3 Configuring the Time Source ............................................................................................ 895.2.4 Configuring NTP .............................................................................................................. 905.2.5 Viewing the Status of Time Synchronization Subsystems ................................................... 91
5.3 Managing SNMP ........................................................................................................................ 935.3.1 Managing SNMP Users ................................................................................................... 93
5.3.1.1 Viewing a List of SNMP Users ............................................................................... 945.3.1.2 Adding an SNMP User .......................................................................................... 945.3.1.3 Deleting an SNMP User ........................................................................................ 97
5.3.2 Managing Security-to-Group Mapping ............................................................................... 985.3.2.1 Viewing a List of Security-to-Group Maps ............................................................... 985.3.2.2 Adding a Security-to-Group Map ............................................................................ 985.3.2.3 Deleting a Security-to-Group Map ........................................................................ 100
5.3.3 Managing SNMP Groups ............................................................................................... 1005.3.3.1 Viewing a List of SNMP Groups ........................................................................... 1015.3.3.2 Adding an SNMP Group ...................................................................................... 1015.3.3.3 Deleting an SNMP Group .................................................................................... 103
5.4 Managing Network Discovery .................................................................................................... 1035.5 Managing Serial Protocols ........................................................................................................ 104
5.5.1 Encapsulation Concepts ................................................................................................. 1065.5.1.1 Raw Socket Character Encapsulation ................................................................... 1075.5.1.2 RTU Polling ........................................................................................................ 1075.5.1.3 Broadcast RTU Polling ........................................................................................ 1085.5.1.4 Preemptive Raw Socket ...................................................................................... 1095.5.1.5 Port Redirectors .................................................................................................. 1105.5.1.6 Message Packetization ........................................................................................ 111
5.5.2 Modbus Concepts .......................................................................................................... 1115.5.2.1 Modbus Server Client Applications ....................................................................... 1115.5.2.2 Modbus TCP Performance Determinants .............................................................. 1125.5.2.3 Turnaround Delay ............................................................................................... 114
5.5.3 DNP, Microlok, TIN and WIN Concepts ........................................................................... 1145.5.3.1 DNP, Microlok, TIN and WIN Applications ............................................................. 1145.5.3.2 The Concept of Links .......................................................................................... 1155.5.3.3 Address Learning for TIN .................................................................................... 1155.5.3.4 Address Learning for DNP ................................................................................... 116
-
RUGGEDCOM ROSUser Guide
Table of Contents
vii
5.5.3.5 Broadcast Messages ........................................................................................... 1175.5.3.6 Transport Protocols ............................................................................................. 117
5.5.4 Force Half-Duplex (HD) Operation Mode ......................................................................... 1185.5.5 Configuring a Serial Port ................................................................................................ 1195.5.6 Configuring the Raw Socket Protocol .............................................................................. 1225.5.7 Configuring the Preemptive Raw Socket Protocol ............................................................ 1245.5.8 Configuring a TCP Modbus Server ................................................................................. 1265.5.9 Configuring a TCP Modbus Client ................................................................................... 1275.5.10 Configuring the WIN and TIN Protocols ......................................................................... 1285.5.11 Configuring the MicroLok Protocol ................................................................................. 1305.5.12 Configuring the DNP Protocol ....................................................................................... 1315.5.13 Configuring the DNP Over Raw Socket Protocol ............................................................ 1335.5.14 Configuring the Mirrored Bits Protocol ........................................................................... 1345.5.15 Configuring the Telnet Com Port Protocol ...................................................................... 1365.5.16 Managing Raw Socket Remote Hosts ........................................................................... 138
5.5.16.1 Viewing a List of Remote Hosts ......................................................................... 1385.5.16.2 Adding a Remote Host ...................................................................................... 1395.5.16.3 Deleting a Remote Host .................................................................................... 140
5.5.17 Managing Device Addresses ........................................................................................ 1415.5.17.1 Viewing a List of Device Addresses .................................................................... 1415.5.17.2 Adding a Device Address .................................................................................. 1425.5.17.3 Deleting a Device Address ................................................................................. 143
5.5.18 Viewing the TIN Dynamic Address Table ....................................................................... 1445.5.19 Viewing Statistics for Serial Protocol Links ..................................................................... 1455.5.20 Viewing Statistics for Serial Protocol Connections .......................................................... 1465.5.21 Viewing Serial Port Statistics ........................................................................................ 1475.5.22 Clearing Statistics for Specific Serial Ports .................................................................... 1485.5.23 Resetting Serial Ports .................................................................................................. 148
Chapter 6
Troubleshooting ................................................................................................ 1496.1 General .................................................................................................................................... 149
-
Table of Contents
RUGGEDCOM ROSUser Guide
viii
-
RUGGEDCOM ROSUser Guide
Preface
Conventions ix
PrefaceThis guide describes v4.1 of ROS (Rugged Operating System) running on the RUGGEDCOM RP110. It containsinstructions and guidelines on how to use the software, as well as some general theory.
It is intended for use by network technical support personnel who are familiar with the operation of networks. It isalso recommended for us by network and system planners, system programmers, and line technicians.
IMPORTANT!Some of the parameters and options described may not be available depending on variations in thedevice hardware. While every attempt is made to accurately describe the specific parameters andoptions available, this Guide should be used as a companion to the Help text included in the software.
ConventionsThis User Guide uses the following conventions to present information clearly and effectively.
AlertsThe following types of alerts are used when necessary to highlight important information.
DANGER!DANGER alerts describe imminently hazardous situations that, if not avoided, will result in death orserious injury.
WARNING!WARNING alerts describe hazardous situations that, if not avoided, may result in serious injury and/orequipment damage.
CAUTION!CAUTION alerts describe hazardous situations that, if not avoided, may result in equipment damage.
IMPORTANT!IMPORTANT alerts provide important information that should be known before performing a procedureor step, or using a feature.
NOTENOTE alerts provide additional information, such as facts, tips and details.
-
Preface
RUGGEDCOM ROSUser Guide
x CLI Command Syntax
CLI Command SyntaxThe syntax of commands used in a Command Line Interface (CLI) is described according to the followingconventions:
Example Description
command Commands are in bold.
command parameter Parameters are in plain text.
command parameter1 parameter2 Parameters are listed in the order they must be entered.
command parameter1 parameter2 Parameters in italics must be replaced with a user-defined value.
command [parameter1 | parameter2] Alternative parameters are separated by a vertical bar (|).
Square brackets indicate a required choice between two or moreparameters.
command {parameter3 | parameter4} Curly brackets indicate an optional parameter(s).
command parameter1 parameter2 {parameter3 |parameter4}
All commands and parameters are presented in the order they mustbe entered.
Related DocumentsOther documents that may be of interest include:
• RUGGEDCOM RP110 Installation Guide
• RUGGEDCOM RP110 Data Sheet
• RUGGEDCOM Fiber Guide
• RUGGEDCOM Wireless Guide
• White Paper: Rapid Spanning Tree in Industrial Networks
System RequirementsEach workstation used to connect to the ROS interface must meet the following system requirements:
• Must have one of the following Web browsers installed:
▪ Microsoft Internet Explorer 8.0 or higher
▪ Mozilla Firefox
▪ Google Chrome
▪ Iceweasel/IceCat (Linux Only)
• Must have a working Ethernet interface compatible with at least one of the port types on the RUGGEDCOMdevice
• The ability to configure an IP address and netmask on the computer’s Ethernet interface
-
RUGGEDCOM ROSUser Guide
Preface
Accessing Documentation xi
Accessing DocumentationThe latest Hardware Installation Guides and Software User Guides for most RUGGEDCOM products areavailable online at www.siemens.com/ruggedcom.
For any questions about the documentation or for assistance finding a specific document, contact a Siemenssales representative.
TrainingSiemens offers a wide range of educational services ranging from in-house training of standard courses onnetworking, Ethernet switches and routers, to on-site customized courses tailored to the customer's needs,experience and application.
Siemens' Educational Services team thrives on providing our customers with the essential practical skills to makesure users have the right knowledge and expertise to understand the various technologies associated with criticalcommunications network infrastructure technologies.
Siemens' unique mix of IT/Telecommunications expertise combined with domain knowledge in the utility,transportation and industrial markets, allows Siemens to provide training specific to the customer's application.
For more information about training services and course availability, visit www.siemens.com/ruggedcom orcontact a Siemens sales representative.
Customer SupportCustomer support is available 24 hours, 7 days a week for all Siemens customers. For technical support orgeneral information, contact Siemens Customer Support through any of the following methods:
• OnlineVisit http://www.siemens.com/automation/support-request to submit a Support Request (SR) or check on thestatus of an existing SR.
• TelephoneCall a local hotline center to submit a Support Request (SR). To locate a local hotline center, visit http://www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx.
• Mobile AppInstall the Industry Online Support app by Siemens AG on any Android, Apple iOS or Windows mobile deviceand be able to:
▪ Access Siemens' extensive library of support documentation, including FAQs, manuals, and much more
▪ Submit SRs or check on the status of an existing SR
▪ Find and contact a local contact person
▪ Ask questions or share knowledge with fellow Siemens customers and the support community
▪ And much more...
http://www.siemens.com/ruggedcomhttp://www.siemens.com/ruggedcomhttp://www.siemens.com/automation/support-requesthttp://www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspxhttp://www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx
-
RUGGEDCOM ROSUser Guide
Preface
Customer Support xii
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
Overview 1
IntroductionThis chapter provides a basic overview of the ROS software. It describes the following topics:
• Section 1.1, “Overview”
• Section 1.2, “Security Recommendations and Considerations”
• Section 1.3, “Available Services by Port”
• Section 1.4, “SNMP Management Interface Base (MIB) Support”
• Section 1.5, “SNMP Traps”
• Section 1.6, “ModBus Management Support”
• Section 1.7, “Certificate and Key Requirements”
Section 1.1
OverviewWelcome to the ROS Software User Guide for the RP110. This Guide describes the wide array of carrier gradefeatures made available by ROS (Rugged Operating System). These features include:
IMPORTANT!The RP110 is not intended for use or resale as online control equipment in hazardous, high-riskenvironments that require fail-safe performance, such as nuclear facilities, aircraft navigation orcommunication systems, air traffic control, direct life support machines or weapons systems, in whichthe failure of the software could result in death, personal injury, or severe physical or environmentaldamage.
Cyber Security Features
• Muti-level user passwords• SSH/SSL (128-bit encryption)• RADIUS centralized password management• SNMPv3 authentication and 56-bit encryption
Management Features
• Web-based, Telnet, CLI management interfaces• SNMP v1/v2/v3 (56-bit encryption)• Remote Monitoring (RMON)• Rich set of diagnostics with logging and alarms
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
2 Security Recommendations and Considerations
Section 1.2
Security Recommendations and ConsiderationsThe following describes important security-related recommendations and suggestions that should be consideredbefore implementing the RP110 on any network:
• Section 1.2.1, “Security Recommendations”
• Section 1.2.2, “Key Files”
Section 1.2.1
Security RecommendationsTo prevent unauthorized access to the device, note the following security recommendations:
• Do not connect the device to the Internet. Deploy the device only within a secure network perimeter.
• Replace the default passwords for all user accounts and processes (where applicable) before the device isdeployed.
• Use strong passwords. Avoid weak passwords such as password1, 123456789, abcdefgh, etc. For moreinformation about creating strong passwords, refer to the password requirements in Section 4.3, “ConfiguringPasswords”.
• Make sure passwords are protected and not shared with unauthorized personnel.
• Passwords should not be re-used across different usernames and systems, or after they expire.
• When RADIUS authentication is done remotely, make sure all communications are within the security perimeteror on a secure channel.
• SSL and SSH keys are accessible to users who connect to the device via the serial console. Make sure to takeappropriate precautions when shipping the device beyond the boundaries of the trusted environment:
▪ Replace the SSH and SSL keys with throwaway keys prior to shipping.
▪ Take the existing SSH and SSL keys out of service. When the device returns, create and program new keysfor the device.
• Restrict physical access to the device to only trusted personnel. A person with malicious intent could extractcritical information, such as certificates, keys, etc. (user passwords are protected by hash codes), or reprogramthe device.
• Control access to the serial console to the same degree as any physical access to the device. Access to theserial console allows for potential access to the ROS boot loader, which includes tools that may be used to gaincomplete access to the device.
• Only enable services that will be used on the device, including physical ports. Unused physical ports couldpotentially be used to gain access to the network behind the device.
• If SNMP is enabled, limit the number of IP addresses that can connect to the device and change thecommunity names. Also configure SNMP to raise a trap upon authentication failures. For more information,refer to Section 5.3, “Managing SNMP”.
• Avoid using insecure services such as Telnet and TFTP, or disable them completely if possible. These servicesare available for historical reasons and are disabled by default.
• Limit the number of simultaneous Web Server, Telnet and SSH sessions allowed.
• Configure remote system logging to forward all logs to a central location. For more information, refer toSection 3.6, “Managing Logs”.
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
Key Files 3
• Configuration files are provided in the CSV (comma separated values) format for ease of use. Make sureconfiguration files are properly protected when they exist outside of the device. For instance, encrypt the files,store them in a secure place, and do not transfer them via insecure communication channels.
• Management of the configuration file, certificates and keys is the responsibility of the device owner. Beforereturning the device to Siemens for repair, make sure encryption is disabled (to create a cleartext version of theconfiguration file) and replace the current certificates and keys with temporary throwaway certificates and keysthat can be destroyed upon the device's return.
• Be aware of any non-secure protocols enabled on the device. While some protocols, such as HTTPS andSSH, are secure, others, such as Telnet and RSH, were not designed for this purpose. Appropriate safeguardsagainst non-secure protocols should be taken to prevent unauthorized access to the device/network.
• Periodically audit the device to make sure it complies with these recommendations and/or any internal securitypolicies.
Section 1.2.2
Key FilesROS uses security keys to establish secure remote logins (SSH) and Web access (SSL).
It is strongly recommended that a unique SSL certificate and SSH keys be created and provisioned. New ROS -based units from Siemens will be shipped with a unique certificate and keys preconfigured in the ssl.crt andssh.keys flash files.
The default and auto-generated SSL certificates are self-signed. It is recommended to use an SSL certificate thatis either signed by a trusted third-party Certificate Authority (CA) or by an organization's own CA. This techniqueis described in the Siemens application note: Creating/Uploading SSH Keys and SSL Certificates to ROS UsingWindows, available from www.siemens.com/ruggedcom.
The sequence of events related to Key Management during an upgrade to ROS v4.1 or later is as follows:
NOTEThe auto-generation of SSH keys is not available for Non-Controlled (NC) versions of ROS.
• On first boot, ROS will start the SSH and SSL services using the default keys.
• Immediately after boot, ROS will start to generate a unique SSL certificate and SSH key pair, and save eachone to its corresponding flash file. As each one is created, the corresponding service is immediately restartedwith the new keys.
• At any time during the key generation process, custom keys can be uploaded. The custom keys will takeprecedence over both the default and auto-generated keys.
• On subsequent boot, if there is a valid ssl.crt file, the default certificate will not be used for SSL. If there is avalid ssh.keys file, the default SSH key will not be used.
• At any time, new keys may be uploaded or generated by ROS using the sslkeygen or sshkeygen CLIcommands.
The following sections describe SSL certificates and SSH key pairs in more detail:
• Section 1.2.2.1, “SSL Certificates”
• Section 1.2.2.2, “SSH Key Pairs”
http://www.siemens.com/ruggedcom
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
4 SSL Certificates
Section 1.2.2.1
SSL CertificatesROS supports SSL certificates that conform to the following specifications:
• X.509 v3 digital certificate format
• PEM format
• RSA key pair, 512 to 2048 bits
The RSA key pair used in the default certificate and in those generated by ROS uses a public key of 1024 bits inlength.
NOTERSA keys smaller than 1024 bits in length are not recommended. Support is only included here forcompatibility with legacy equipment.
NOTEThe default certificate and keys are common to all ROS versions without a certificate or key files. Thatis why it is important to either allow the key auto-generation to complete or to provision custom keys. Inthis way, one has at least unique, and at best, traceable and verifiable keys installed when establishingsecure communication with the unit.
The following (bash) shell script fragment uses the openssl command line utility to generate a self-signedX.509 v3 SSL certificate with a 1024 bit RSA key suitable for use in ROS . Note that two standard PEM files arerequired: the SSL certificate and the RSA private key file. These are concatenated into the resulting ssl.crt file,which may then be uploaded to ROS:
# RSA key size:BITS=1024# 20 years validity:DAYS=7305
# Values that will be stored in the Distinguished Name fields:
COUNTRY_NAME=CA # Two-letter country codeSTATE_OR_PROVINCE_NAME=Ontario # State or ProvinceLOCALITY_NAME=Concord # CityORGANIZATION=Ruggedcom.com # Your organization's nameORGANIZATION_CA=${ORGANIZATION}_CA # Your Certificate AuthorityCOMMON_NAME=RC # The DNS or IP address of the ROS unitORGANIZATIONAL_UNIT=ROS # Organizational unit name
# Variables used in the construction of the certificateREQ_SUBJ="/C=${COUNTRY_NAME}/ST=${STATE_OR_PROVINCE_NAME}/L=${LOCALITY_NAME}/O=${ORGANIZATION}/OU=${ORGANIZATIONAL_UNIT}/CN=${COMMON_NAME}/"REQ_SUBJ_CA="/C=${COUNTRY_NAME}/ST=${STATE_OR_PROVINCE_NAME}/L=${LOCALITY_NAME}/O=${ORGANIZATION_CA}/OU=${ORGANIZATIONAL_UNIT}/"
######################################################################### Make the self-signed SSL certificate and RSA key pair:
openssl req -x509 -newkey rsa:${BITS} -nodes \ -days ${DAYS} -subj ${REQ_SUBJ} \ -keyout ros_ssl.key \ -out ros_ssl.crt
# Concatenate Cert and Key into a single file suitable for upload to ROS:# Note that cert must precede the RSA key:cat ros_ssl.crt ros_ssl.key > ssl.crt
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
SSH Key Pairs 5
For information on creating SSL certificates for use with ROS in a Microsoft Windows environment, refer to thefollowing Siemens application note: Creating/Uploading SSH Keys and SSL Certificates to ROS Using Windows.
The following is an example of a self-signed SSL certificate generated by ROS:
Certificate: Data: Version: 3 (0x2) Serial Number: ca:01:2d:c0:bf:f9:fd:f2 Signature Algorithm: sha1WithRSAEncryption Issuer: C=CA, ST=Ontario, L=Concord, O=RuggedCom.com, OU=RC, CN=ROS Validity Not Before: Dec 6 00:00:00 2012 GMT Not After : Dec 7 00:00:00 2037 GMT Subject: C=CA, ST=Ontario, L=Concord, O=RuggedCom.com, OU=RC, CN=ROS Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:83:e8:1f:02:6b:cd:34:1f:01:6d:3e:b6:d3:45: b0:18:0a:17:ae:3d:b0:e9:c6:f2:0c:af:b1:3e:e7: fd:f2:0e:75:8d:6a:49:ce:47:1d:70:e1:6b:1b:e2: fa:5a:1b:10:ea:cc:51:41:aa:4e:85:7c:01:ea:c3: 1e:9e:98:2a:a9:62:48:d5:27:1e:d3:18:cc:27:7e: a0:94:29:db:02:5a:e4:03:51:16:03:3a:be:57:7d: 3b:d1:75:47:84:af:b9:81:43:ab:90:fd:6d:08:d3: e8:5b:80:c5:ca:29:d8:45:58:5f:e4:a3:ed:9f:67: 44:0f:1a:41:c9:d7:62:7f:3f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: EC:F3:09:E8:78:92:D6:41:5F:79:4D:4B:7A:73:AD:FD:8D:12:77:88 X509v3 Authority Key Identifier: keyid:EC:F3:09:E8:78:92:D6:41:5F:79:4D:4B:7A:73:AD:FD:8D:12:77:88 DirName:/C=CA/ST=Ontario/L=Concord/O=RuggedCom.com/OU=RC/CN=ROS serial:CA:01:2D:C0:BF:F9:FD:F2 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption 64:cf:68:6e:9f:19:63:0e:70:49:a6:b2:fd:09:15:6f:96:1d: 4a:7a:52:c3:46:51:06:83:7f:02:8e:42:b2:dd:21:d2:e9:07: 5c:c4:4c:ca:c5:a9:10:49:ba:d4:28:fd:fc:9d:a9:0b:3f:a7: 84:81:37:ca:57:aa:0c:18:3f:c1:b2:45:2a:ed:ad:dd:7f:ad: 00:04:76:1c:f8:d9:c9:5c:67:9e:dd:0e:4f:e5:e3:21:8b:0b: 37:39:8b:01:aa:ca:30:0c:f1:1e:55:7c:9c:1b:43:ae:4f:cd: e4:69:78:25:5a:a5:f8:98:49:33:39:e3:15:79:44:37:52:da: 28:dd
Section 1.2.2.2
SSH Key PairsControlled versions of ROS support SSH public/private key pairs that conform to the following specifications:
• PEM format
• DSA key pair, 512 to 2048 bits in length
The DSA key pair used in the default key pair and in those generated by ROS uses a public key of 1024 bits inlength.
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
6 Available Services by Port
NOTEDSA keys smaller than 1024 bits in length are not recommended, and support is only included here forcompatibility with legacy equipment.
The following (bash) shell script fragment uses the ssh-keygen command line utility to generate a 1024 bit DSAkey suitable for use in ROS . The resulting ssh.keys file, which may then be uploaded to ROS:
# DSA key size:BITS=1024
# Make an SSH key pair:ssh-keygen -t dsa -b 1024 -N '' -f ssh.keys
The following is an example of an SSH key generated by ROS:
Private-Key: (1024 bit)priv: 00:b2:d3:9d:fa:56:99:a5:7a:ba:1e:91:c5:e1:35: 77:85:e8:c5:28:36pub: 6f:f3:9e:af:e6:d6:fd:51:51:b9:fa:d5:f9:0a:b7: ef:fc:d7:7c:14:59:52:48:52:a6:55:65:b7:cb:38: 2e:84:76:a3:83:62:d0:83:c5:14:b2:6d:7f:cc:f4: b0:61:0d:12:6d:0f:5a:38:02:67:a4:b7:36:1d:49: 0a:d2:58:e2:ff:4a:0a:54:8e:f2:f4:c3:1c:e0:1f: 9b:1a:ee:16:e0:e9:eb:c8:fe:e8:16:99:e9:61:81: ed:e4:f2:58:fb:3b:cb:c3:f5:9a:fa:ed:cd:39:51: 47:90:5d:6d:1b:27:d5:04:c5:de:57:7e:a7:a3:03: e8:fb:0a:d5:32:89:40:12P: 00:f4:81:c1:9b:5f:1f:eb:ac:43:2e:db:dd:77:51: 6e:1c:62:8d:4e:95:c6:e7:b9:4c:fb:39:9c:9d:da: 60:4b:0f:1f:c6:61:b0:fc:5f:94:e7:45:c3:2b:68: 9d:11:ba:e1:8a:f9:c8:6a:40:95:b9:93:7c:d0:99: 96:bf:05:2e:aa:f5:4e:f0:63:02:00:c7:c2:52:c7: 1a:70:7c:f7:e5:fe:dd:3d:57:02:86:ae:d4:89:20: ca:4b:46:80:ea:de:a1:30:11:5c:91:e2:40:d4:a3: 82:c5:40:3b:25:8e:d8:b2:85:cc:f5:9f:a9:1d:ea: 0a:ac:77:95:ee:d6:f7:61:e3Q: 00:d5:db:48:18:bd:ec:69:99:eb:ff:5f:e1:40:af: 20:80:6d:5c:b1:23G: 01:f9:a1:91:c0:82:12:74:49:8a:d5:13:88:21:3e: 32:ea:f1:74:55:2b:de:61:6c:fd:dd:f5:e1:c5:03: 68:b4:ad:40:48:58:62:6c:79:75:b1:5d:42:e6:a9: 97:86:37:d8:1e:e5:65:09:28:86:2e:6a:d5:3d:62: 50:06:b8:d3:f9:d4:9c:9c:75:84:5b:db:96:46:13: f0:32:f0:c5:cb:83:01:a8:ae:d1:5a:ac:68:fb:49: f9:b6:8b:d9:d6:0d:a7:de:ad:16:2b:23:ff:8e:f9: 3c:41:16:04:66:cf:e8:64:9e:e6:42:9a:d5:97:60: c2:e8:9e:f4:bc:8f:6f:e0
Section 1.3
Available Services by PortThe following table lists the services available under ROS. This table includes the following information:
• Services
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
Available Services by Port 7
The service supported by the device.
• Port NumberThe port number associated with the service.
• Port OpenThe port state, whether it is always open and cannot be closed, or open only, but can be configured.
NOTEIn certain cases, the service might be disabled, but the port can still be open (e.g. TFTP).
• Port DefaultThe default state of the port (i.e. open or closed).
• Access AuthorizedDenotes whether the ports/services are authenticated during access.
Services Port Number Port Open Port Default AccessAuthorized Note
Telnet TCP/23 Open(configurable)
Closed Yes Only availablethrough twomanagementinterfaces.
HTTP TCP/80 Open, redirectsto 443
Open —
HTTPS TCP/443 Open Open Yes
RSH TCP/512 Open(configurable)
Closed Yes Only availablethrough twomanagementinterfaces.
TFTP UDP/69 Open(configurable)
Closed No Only availablethrough twomanagementinterfaces.
SFTP TCP/22 Open Open Yes Only availablethrough twomanagementinterfaces.
SNMP UDP/161 Open(configurable)
Closed Yes Only availablethrough twomanagementinterfaces.
SNTP UDP/123 Open - Alwaysmight acts asserver
Open No Only availablethrough twomanagementinterfaces.
SSH TCP/22 Open Open Yes Only availablethrough twomanagementinterfaces.
ICMP — Open Open No
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
8 Available Services by Port
Services Port Number Port Open Port Default AccessAuthorized Note
TACACS+ TCP/49(configurable)
Open(configurable)
Closed Yes
RADIUS UDP/1812to send(configurable),opens randomport to listen to
Open(configurable)
Closed Yes Only availablethrough twomanagementinterfaces.
Remote Syslog UDP/514(configurable)
Open(configurable)
Closed No Only availablethrough twomanagementinterfaces.
DNP over RawSocket TCP/21001 toTCP/21016
Open(configurable)
Closed No
DNPv3 UDP/20000
TCP/20000
UDP Open;TCP open afterconfigured firsttime - can not beclosed
UDP Open; TCPClosed
No
RawSocket/Telnet COM UDP/50001 toUDP/50016
TCP/50001 toTCP/50016
Open(configurable)
Closed No
Preemptive RAW Socket TCP/62001 toTCP/62016
Open(configurable)
Closed No
TIN UDP/51000
TCP/51000
UDP Open;TCP open afterconfigured firsttime - can not beclosed
UDP Open; TCPClosed
No
WIN UDP/52000
TCP/52000
UDP Open;TCP open afterconfigured firsttime - can not beclosed
UDP Open; TCPClosed
No
MICROLOK UDP/60000 UDP Open;TCP open afterconfigured firsttime - can not beclosed
UDP Open; TCPClosed
No
MirroredBits UDP/61001 toUDP/61016
Open(configurable)
Closed No
TCP Modbus (Server) TCP/502 Open Open No Only availablethrough twomanagementinterfaces.
TCP Modbus (Switch) TCP/502 Open(configurable)
Closed No
DHCP, DHCP Agent UDP/67 sendingmsg if enabled - ifreceived, alwayscome to CPU,
Open Open No
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
SNMP Management Interface Base (MIB) Support 9
Services Port Number Port Open Port Default AccessAuthorized Note
dropped if servicenot configured
RCDP — Open(configurable)
Closed Yes
Section 1.4
SNMP Management Interface Base (MIB) SupportROS supports a variety of standard MIBs, proprietary RUGGEDCOM MIBs and Agent Capabilities MIBs, all forSNMP (Simple Network Management Protocol).
• Section 1.4.1, “Supported Standard MIBs”
• Section 1.4.2, “Supported Proprietary RUGGEDCOM MIBs”
• Section 1.4.3, “Supported Agent Capabilities”
Section 1.4.1
Supported Standard MIBsROS supports the following standard MIBs:
Standard MIB Name Title
RFC 2578 SNMPv2-SMI Structure of Management Information Version 2
RFC 2579 SNMPv2-TC Textual Convention s for SMIv2
SNMPv2-CONF Conformance Statements for SMIv2RFC 2580
IANAifType Enumerated Values of the ifType Object Defined ifTable defined inIF-MIB
RFC 1907 SNMPv2-MIB Management Information Base for SNMPv2
RFC 2011 IP-MIB SNMPv2 Mnagement Information Base for Internet Protocol usingSMIv2
RFC 2012 TCP-MIB SNMPv2 Management Information Base for the TransmissionControl Protocol using SMIv2
RFC 2013 UDP-MIB Management Information Base for the UDP using SMIv2
RFC 1659 RS-232-MIB Definitions of Managed Objects for RS-232-like Hardware Devices
RFC 2863 IF-MIB The Interface Group MIB
RFC 2819 RMON-MIB Remote Network Monitoring (RMON) management Information base
RFC 4188 BRIDGE-MIB Definitions of Managed Objects for Bridges
RFC 4318 RSTP-MIB Definitions of Managed Objects for Bridges with Rapid SpanningTree Protocol
RFC 3411 SNMP-FRAMEWORK-MIB An Architecture for Describing Simple Network ManagementProtocol (SNMP) Management Framework
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
10 Supported Proprietary RUGGEDCOM MIBs
Standard MIB Name Title
RFC 3414 SNMP-USER-BASED-SM-MIB User-based Security Model (USM) for Version 3 of the SimpleNetwork Management Protocol (SNMPv3)
RFC 3415 SNMP-VIEW-BASED-ACM-MIB View-bsed Access Control Model (VACM) for the SimpleManagement Protocol (SNMP)
IEEE 802.3ad IEEE8023-LAG-MIB Management Information Base Module for Link Aggregation
IEEE 802.1AB-2005 LLDP-MIB Management Information Base Module for LLDP Configuration,Statistics, Local System Data and Remote Systems DataComponents
RFC 4363 Q-BRIDGE-MIB Definitions of Managed Objects for Bridges with Traffic Classes,Multicast Filtering, and Virtual LAN Extensions
Section 1.4.2
Supported Proprietary RUGGEDCOM MIBsROS supports the following proprietary RUGGEDCOM MIBs:
File Name MIB Name Description
ruggedcom.mib RUGGEDCOM-MIB RUGGEDCOM enterprise SMI
ruggedcomtraps.mib RUGGEDCOM-TRAPS-MIB RUGGEDCOM traps definition
rcsysinfo.mib RUGGEDCOM-SYS-INFO-MIB General system information aboutRUGGEDCOM device
rcDot11.mib RUGGEDCOM-DOT11-MIB Managemet for wireless interface onRUGGEDCOM device
rcPoe.mib RUGGEDCOM-POE-MIB Management for PoE ports onRUGGEDCOM device
rcSerial.mib RUGGEDCOM-SERIAL-MIB Managemet for seral ports onRUGGEDCOM device
rcRstp.mib RUGGEDCOM-STP-MIB Management for RSTP protocol
Section 1.4.3
Supported Agent CapabilitiesROS supports the following agent capabilities for the SNMP agent:
NOTEFor information about agent capabilities for SNMPv2, refer to RFC 2580 [http://tools.ietf.org/html/rfc2580].
File Name MIB Name Supported MIB
rcsnmpv2AC.mib RC-SNMPv2-MIB-AC SNMPv2-MIB
rcudpmibAC.mib RC-UDP-MIB-AC UDP-MIB
rctcpmibAC.mib RC-TCP-MIB-AC TCP-MIB
http://tools.ietf.org/html/rfc2580http://tools.ietf.org/html/rfc2580http://tools.ietf.org/html/rfc2580
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
SNMP Traps 11
File Name MIB Name Supported MIB
rcSnmpUserBasedSmMibAC.mib RC-SNMP-USER-BASED-SM-MIB-AC SNMP-USER-BASED-SM-MIB-AC
rcSnmpViewBasedAcmMibAC.mib RC-SNMP-VIEW-BASED-ACM-MIB-AC SNMP-VIEW-BASED-ACM-MIB-AC
rcifmibAC.mib RC-IF-MIB-AC IF-MIB
rcbridgemibAC.mib RC-BRIDGE-MIB-AC BRIDGE-MIB
rcrmonmibAC.mib RC-RMON-MIB-AC RMON-MIB
rcqbridgemibAC.mib RC-Q-BRIDGE-MIB-AC Q-BRIDGE-MIB
rcipmibAC.mib RC-IP-MIB-AC IP-MIB
rclldpmibAC.mib RC-LLDP-MIB-AC LLDP-MIB
rclagmibAC.mib RC-LAG-MIB-AC IEEE8023-LAG-MIB
rcrstpmibAC.mib RC_RSTP-MIB-AC RSTP-MIB
rcrcdot11AC.mib RC-RUGGEDCOM-DOT11-MIB-AC RUGGEDCOM-DOT11- MIB
rcrcpoeAC.mib RC-RUGGEDCOM-POE-MIB-AC RUGGEDCOM-POE-MIB
rcrcrstpmibAC.mib RC-RUGGEDCOM-STP-AC-MIB RUGGEDCOM-STP-MIB
rcrcsysinfomibAC.mib RC-RUGGEDCOM-SYS-INFO-MIB-AC RUGGEDCOM-SYS-INFO-MIB
rcrctrapsmibAC.mib RC-RUGGEDCOM-TRAPS-MIB-AC RUGGEDCOM-TRAPS-MIB
rcrs232mibAC.mib RUGGEDCOM_RS-232-MIB-AC RS-232-MIB
rcserialmibAC.mib RC-RUGGEDCOM-SERIAL-MIB-AC RUGGEDCOM-SERIAL-MIB
Section 1.5
SNMP TrapsThe device generates the following standard traps:
Table: Standard Traps
Trap MIB
linkDown
linkUp
IF-MIB
authenticationFailure
coldStart
SNMPv2-MIB
newRoot
topologyChage
BRIDGE-MIB
risingAlarm
fallingAlarm
RMON-MIB
lldpRemoteTablesChange LLDP-MIB
The device also generates the following proprietary traps:
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
12 ModBus Management Support
Table: Proprietary Traps
Trap MIB
genericTrap
powerSupplyTrap
swUpgradeTrap
cfgChangeTrap
weakPasswordTrap
defaultKeysTrap
RUGGEDCOM-TRAPS-MIB
Generic traps carry information about events in their severity and description objects. They are sent at the sametime an alarm is generated for the device. The following are examples of RUGGEDCOM generic traps:
NOTEInformation about generic traps can be retrieved using the CLI command alarms. For moreinformation about the alarms command, refer to Section 2.6.1, “Available CLI Commands”.
Table: Generic Traps
Trap Severity
heap error Alert
NTP server failure notification
real time clock failure Error
failed password Warning
MAC address not learned by switch fabric Warning
BootP client: TFTP transfer failure Error
received looped back BPDU Error
received two consecutive confusing BPDUs on port, forcing down Error
The device generates the following traps when specific events occur:
Table: Event-Based Traps
Trap MIB Event
rcRstpNewTopology RUGGEDCOM-STP-MIB This trap is generated when the devicetopology becomes stable after a topologychange occurs on a switch port.
Section 1.6
ModBus Management SupportModbus management support in RUGGEDCOM devices provides a simple interface for retrieving basic statusinformation. ModBus support simplifies the job of SCADA (Supervisory Control and Data Acquisition) systemintegrators by providing familiar protocols for retrieving RUGGEDCOM device information. ModBus providesmostly read-only status information, but there are some writable registers for operator commands.
The ModBus protocol PDU (Protocol Data Unit) format is as follows:
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
ModBus Function Codes 13
Function Code Data
The following sections describe the support for ModBus management:
• Section 1.6.1, “ModBus Function Codes”
• Section 1.6.2, “ModBus Memory Map”
• Section 1.6.3, “ModBus Memory Formats”
Section 1.6.1
ModBus Function CodesRUGGEDCOM devices support the following ModBus function codes for device management through ModBus:
NOTEWhile RUGGEDCOM devices have a variable number of ports, not all registers and bits apply to allproducts.
Registers that are not applicable to a particular device return a zero (0) value. For example, registersreferring to serial ports are not applicable to RUGGEDCOM switch devices.
Read Input Registers or Read Holding Registers — 0x04 or 0x03Example PDU Request
Function Code 1 Byte 0x04(0x03)
Starting Address 2 Bytes 0x0000 to 0xFFFF (Hexadecimal)
128 to 65535 (Decimal)
Number of Input Registers 2 Bytes Bytes 0x0001 to 0x007D
Example PDU Response
Function Code 1 Byte 0x04(0x03)
Byte Count 1 Byte 2 x Na
Number of Input Registers Na x 2 Bytes
a The number of input registers
Write Multiple Registers — 0x10Example PDU Request
Function Code 1 Byte 0x10
Starting Address 2 Bytes 0x0000 to 0xFFFF
Number of Input Registers 2 Bytes Bytes 0x0001 to 0x0079
Byte Count 1 Byte 2 x Nb
Registers Value Nb x 2 Bytes Value of the register
b The number of input registers
Example PDU Response
Function Code 1 Byte 0x10
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
14 ModBus Memory Map
Starting Address 2 Bytes 0x0000 to 0xFFFF
Number of Registers 2 Bytes 1 to 121 (0x79)
Section 1.6.2
ModBus Memory MapThe following details how ModBus process variable data is mapped.
Product InfoThe following data is mapped to the Productinfo table:
Address #Registers Description (Reference Table in UI) R/W Format
0000 16 Product Identification R Text
0010 32 Firmware Identification R Text
0040 1 Number of Ethernet Ports R Uint16
0041 1 Number of Serial Ports R Uint16
0042 1 Number of Alarms R Uint16
0043 1 Power Supply Status R PSStatusCmd
0044 1 FailSafe Relay Status R TruthValue
0045 1 ErrorAlarm Status R TruthValue
Product Write RegisterThe following data is mapped to various tables:
Address #Registers Description (Reference Table in UI) R/W Format
0080 1 Clear Alarms W Cmd
0081 2 Reset Ethernet Ports W PortCmd
0083 2 Clear Ethernet Statistics W PortCmd
0085 2 Reset Serial Ports W PortCmd
0087 2 Clear Serial Port Statistics W PortCmd
AlarmsThe following data is mapped to the alarms table:
Address #Registers Description (Reference Table in UI) R/W Format
0100 64 Alarm 1 R Alarm
0140 64 Alarm 2 R Alarm
0180 64 Alarm 3 R Alarm
01C0 64 Alarm 4 R Alarm
0200 64 Alarm 5 R Alarm
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
ModBus Memory Map 15
Address #Registers Description (Reference Table in UI) R/W Format
0240 64 Alarm 6 R Alarm
0280 64 Alarm 7 R Alarm
02C0 64 Alarm 8 R Alarm
Ethernet Port StatusThe following data is mapped to the ethPortStats table:
Address #Registers Description (Reference Table in UI) R/W Format
03FE 2 Port Link Status R PortCmd
Ethernet StatisticsThe following data is mapped to the rmonStats table:
Address #Registers Description (Reference Table in UI) R/W Format
0400 2 Port s1/p1 Statistics - Ethernet In Packets R Uinst32
0402 2 Port s1/p2 Statistics - Ethernet In Packets R Uinst32
0404 2 Port s1/p3 Statistics - Ethernet In Packets R Uinst32
0406 2 Port s1/p4 Statistics - Ethernet In Packets R Uinst32
0408 2 Port s2/p1 Statistics - Ethernet In Packets R Uinst32
040A 2 Port s2/p2 Statistics - Ethernet In Packets R Uinst32
040C 2 Port s2/p3 Statistics - Ethernet In Packets R Uinst32
040E 2 Port s2/p4 Statistics - Ethernet In Packets R Uinst32
0410 2 Port s3/p1 Statistics - Ethernet In Packets R Uinst32
0412 2 Port s3/p2 Statistics - Ethernet In Packets R Uinst32
0414 2 Port s3/p3 Statistics - Ethernet In Packets R Uinst32
0416 2 Port s3/p4 Statistics - Ethernet In Packets R Uinst32
0418 2 Port s4/p1 Statistics - Ethernet In Packets R Uinst32
041A 2 Port s4/p2 Statistics - Ethernet In Packets R Uinst32
041C 2 Port s4/p3 Statistics - Ethernet In Packets R Uinst32
041E 2 Port s4/p4 Statistics - Ethernet In Packets R Uinst32
0420 2 Port s5/p1 Statistics - Ethernet In Packets R Uinst32
0422 2 Port s5/p2 Statistics - Ethernet In Packets R Uinst32
0424 2 Port s5/p3 Statistics - Ethernet In Packets R Uinst32
0426 2 Port s5/p4 Statistics - Ethernet In Packets R Uinst32
0428 2 Port s6/p1 Statistics - Ethernet In Packets R Uinst32
042A 2 Port s6/p2 Statistics - Ethernet In Packets R Uinst32
042C 2 Port s6/p3 Statistics - Ethernet In Packets R Uinst32
042E 2 Port s6/p4 Statistics - Ethernet In Packets R Uinst32
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
16 ModBus Memory Map
Address #Registers Description (Reference Table in UI) R/W Format
0430 2 Port s7/p1 Statistics - Ethernet In Packets R Uinst32
0432 2 Port s7/p2 Statistics - Ethernet In Packets R Uinst32
0434 2 Port s8/p1 Statistics - Ethernet In Packets R Uinst32
0436 2 Port s8/p2 Statistics - Ethernet In Packets R Uinst32
0440 2 Port s1/p1 Statistics - Ethernet Out Packets R Uinst32
0442 2 Port s1/p2 Statistics - Ethernet Out Packets R Uinst32
0444 2 Port s1/p3 Statistics - Ethernet Out Packets R Uinst32
0446 2 Port s1/p4 Statistics - Ethernet Out Packets R Uinst32
0448 2 Port s2/p1 Statistics - Ethernet Out Packets R Uinst32
044A 2 Port s2/p2 Statistics - Ethernet Out Packets R Uinst32
044C 2 Port s2/p3 Statistics - Ethernet Out Packets R Uinst32
044E 2 Port s2/p4 Statistics - Ethernet Out Packets R Uinst32
0450 2 Port s3/p1 Statistics - Ethernet Out Packets R Uinst32
0452 2 Port s3/p2 Statistics - Ethernet Out Packets R Uinst32
0454 2 Port s3/p3 Statistics - Ethernet Out Packets R Uinst32
0456 2 Port s3/p4 Statistics - Ethernet Out Packets R Uinst32
0458 2 Port s4/p1 Statistics - Ethernet Out Packets R Uinst32
045A 2 Port s4/p2 Statistics - Ethernet Out Packets R Uinst32
045C 2 Port s4/p3 Statistics - Ethernet Out Packets R Uinst32
045E 2 Port s4/p4 Statistics - Ethernet Out Packets R Uinst32
0460 2 Port s5/p1 Statistics - Ethernet Out Packets R Uinst32
0462 2 Port s5/p2 Statistics - Ethernet Out Packets R Uinst32
0464 2 Port s5/p3 Statistics - Ethernet Out Packets R Uinst32
0466 2 Port s5/p4 Statistics - Ethernet Out Packets R Uinst32
0468 2 Port s6/p1 Statistics - Ethernet Out Packets R Uinst32
046A 2 Port s6/p2 Statistics - Ethernet Out Packets R Uinst32
046C 2 Port s6/p3 Statistics - Ethernet Out Packets R Uinst32
046E 2 Port s6/p4 Statistics - Ethernet Out Packets R Uinst32
0470 2 Port s7/p1 Statistics - Ethernet Out Packets R Uinst32
0472 2 Port s7/p2 Statistics - Ethernet Out Packets R Uinst32
0474 2 Port s8/p1 Statistics - Ethernet Out Packets R Uinst32
0476 2 Port s8/p2 Statistics - Ethernet Out Packets R Uinst32
0480 2 Port s1/p1 Statistics - Ethernet In Packets R Uinst32
0482 2 Port s1/p2 Statistics - Ethernet In Packets R Uinst32
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
ModBus Memory Map 17
Address #Registers Description (Reference Table in UI) R/W Format
0484 2 Port s1/p3 Statistics - Ethernet In Packets R Uinst32
0486 2 Port s1/p4 Statistics - Ethernet In Packets R Uinst32
0488 2 Port s2/p1 Statistics - Ethernet In Packets R Uinst32
048A 2 Port s2/p2 Statistics - Ethernet In Packets R Uinst32
048C 2 Port s2/p3 Statistics - Ethernet In Packets R Uinst32
048E 2 Port s2/p4 Statistics - Ethernet In Packets R Uinst32
0490 2 Port s3/p1 Statistics - Ethernet In Packets R Uinst32
0492 2 Port s3/p2 Statistics - Ethernet In Packets R Uinst32
0494 2 Port s3/p3 Statistics - Ethernet In Packets R Uinst32
0496 2 Port s3/p4 Statistics - Ethernet In Packets R Uinst32
0498 2 Port s4/p1 Statistics - Ethernet In Packets R Uinst32
049A 2 Port s4/p2 Statistics - Ethernet In Packets R Uinst32
049C 2 Port s4/p3 Statistics - Ethernet In Packets R Uinst32
049E 2 Port s4/p4 Statistics - Ethernet In Packets R Uinst32
04A0 2 Port s5/p1 Statistics - Ethernet In Packets R Uinst32
04A2 2 Port s5/p2 Statistics - Ethernet In Packets R Uinst32
04A4 2 Port s5/p3 Statistics - Ethernet In Packets R Uinst32
04A6 2 Port s5/p4 Statistics - Ethernet In Packets R Uinst32
04A8 2 Port s6/p1 Statistics - Ethernet In Packets R Uinst32
04AA 2 Port s6/p2 Statistics - Ethernet In Packets R Uinst32
04AC 2 Port s6/p3 Statistics - Ethernet In Packets R Uinst32
04AE 2 Port s6/p4 Statistics - Ethernet In Packets R Uinst32
04B0 2 Port s7/p1 Statistics - Ethernet In Packets R Uinst32
04B2 2 Port s7/p2 Statistics - Ethernet In Packets R Uinst32
04B4 2 Port s8/p1 Statistics - Ethernet In Packets R Uinst32
04B6 2 Port s8/p2 Statistics - Ethernet In Packets R Uinst32
04C0 2 Port s1/p1 Statistics - Ethernet Out Packets R Uinst32
04C2 2 Port s1/p2 Statistics - Ethernet Out Packets R Uinst32
04C4 2 Port s1/p3 Statistics - Ethernet Out Packets R Uinst32
04C6 2 Port s1/p4 Statistics - Ethernet Out Packets R Uinst32
04C8 2 Port s2/p1 Statistics - Ethernet Out Packets R Uinst32
04CA 2 Port s2/p2 Statistics - Ethernet Out Packets R Uinst32
04CC 2 Port s2/p3 Statistics - Ethernet Out Packets R Uinst32
04CE 2 Port s2/p4 Statistics - Ethernet Out Packets R Uinst32
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
18 ModBus Memory Map
Address #Registers Description (Reference Table in UI) R/W Format
04D0 2 Port s3/p1 Statistics - Ethernet Out Packets R Uinst32
04D2 2 Port s3/p2 Statistics - Ethernet Out Packets R Uinst32
04D4 2 Port s3/p3 Statistics - Ethernet Out Packets R Uinst32
04D6 2 Port s3/p4 Statistics - Ethernet Out Packets R Uinst32
04D8 2 Port s4/p1 Statistics - Ethernet Out Packets R Uinst32
04DA 2 Port s4/p2 Statistics - Ethernet Out Packets R Uinst32
04DC 2 Port s4/p3 Statistics - Ethernet Out Packets R Uinst32
04DE 2 Port s4/p4 Statistics - Ethernet Out Packets R Uinst32
04E0 2 Port s5/p1 Statistics - Ethernet Out Packets R Uinst32
04E2 2 Port s5/p2 Statistics - Ethernet Out Packets R Uinst32
04E4 2 Port s5/p3 Statistics - Ethernet Out Packets R Uinst32
04E6 2 Port s5/p4 Statistics - Ethernet Out Packets R Uinst32
04E8 2 Port s6/p1 Statistics - Ethernet Out Packets R Uinst32
04EA 2 Port s6/p2 Statistics - Ethernet Out Packets R Uinst32
04EC 2 Port s6/p3 Statistics - Ethernet Out Packets R Uinst32
04EE 2 Port s6/p4 Statistics - Ethernet Out Packets R Uinst32
04F0 2 Port s7/p1 Statistics - Ethernet Out Packets R Uinst32
04F2 2 Port s7/p2 Statistics - Ethernet Out Packets R Uinst32
04F4 2 Port s8/p1 Statistics - Ethernet Out Packets R Uinst32
04F6 2 Port s8/p2 Statistics - Ethernet Out Packets R Uinst32
Serial StatisticsThe following data is mapped to the uartPortStatus table:
Address #Registers Description (Reference Table in UI) R/W Format
0600 2 Port 1 Statistics – Serial In characters R Uint32
0602 2 Port 2 Statistics – Serial In characters R Uint32
0604 2 Port 3 Statistics – Serial In characters R Uint32
0606 2 Port 4 Statistics – Serial In characters R Uint32
0640 2 Port 1 Statistics – Serial Out characters R Uint32
0642 2 Port 2 Statistics – Serial Out characters R Uint32
0644 2 Port 3 Statistics – Serial Out characters R Uint32
0646 2 Port 4 Statistics – Serial Out characters R Uint32
0680 2 Port 1 Statistics – Serial In Packets R Uint32
0682 2 Port 2 Statistics – Serial In Packets R Uint32
0684 2 Port 3 Statistics – Serial In Packets R Uint32
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
ModBus Memory Formats 19
Address #Registers Description (Reference Table in UI) R/W Format
0686 2 Port 4 Statistics – Serial In Packets R Uint32
06C0 2 Port 1 Statistics – Serial Out Packets R Uint32
06C2 2 Port 2 Statistics – Serial Out Packets R Uint32
06C4 2 Port 3 Statistics – Serial Out Packets R Uint32
06C6 2 Port 4 Statistics – Serial Out Packets R Uint32
Section 1.6.3
ModBus Memory FormatsThe following ModBus memory formats are supported by Siemens:
• Section 1.6.3.1, “Text”
• Section 1.6.3.2, “Cmd”
• Section 1.6.3.3, “Uint16”
• Section 1.6.3.4, “Uint32”
• Section 1.6.3.5, “PortCmd”
• Section 1.6.3.6, “Alarm”
• Section 1.6.3.7, “PSStatusCmd”
• Section 1.6.3.8, “TruthValues”
Section 1.6.3.1
TextThe Text format provides a simple ASCII representation of the information related to the product. The mostsignificant register byte of an ASCII characters comes first.
For example, consider a Read Multiple Registers request to read Product Identification from location 0x0000.
0x04 0x00 0x00 0x00 0x08
The response may look like:
0x04 0x10 0x53 0x59 0x53 0x54 0x45 0x4D 0x20 0x4E 0x41 0x4D 0x45
0x00 0x00 0x00 0x00 0x00
In this example, starting from byte 3 until the end, the response presents an ASCII representation of thecharacters for the product identification, which reads as SYSTEM NAME. Since the length of this field is smallerthan eight registers, the rest of the field is filled with zeros (0).
Section 1.6.3.2
CmdThe Cmd format instructs the device to set the output to either true or false. The most significant byte comes first.
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
20 Uint16
• FF 00 hex requests output to be True
• 00 00 hex requests output to be False
• Any value other than the suggested values does not affect the requested operation
For example, consider a Write Multiple Registers request to clear alarms in the device.
0x10 0x00 0x80 0x00 0x01 2 0xFF 0x00
• FF 00 for register 00 80 clears the system alarms
• 00 00 does not clear any alarms
The response may look like:
0x10 0x00 0x80 0x00 0x01
Section 1.6.3.3
Uint16The Uint16 format describes a Standard ModBus 16 bit register.
Section 1.6.3.4
Uint32The Uint32 format describes Standard 2 ModBus 16 bit registers. The first register holds the most significant 16bits of a 32 bit value. The second register holds the least significant 16 bits of a 32 bit value.
Section 1.6.3.5
PortCmdThe PortCmd format describes a bit layout per port, where 1 indicates the requested action is true, and 0indicates the requested action is false.
PortCmd provides a bit layout of a maximum of 32 ports. Therefore, it uses two ModBus regsiters:
• The first ModBus register corresponds to ports 1 – 16
• The second ModBus register corresponds to ports 17 – 32 for a particular action
Bits that do not apply to a particular product are always set to zero (0).
A bit value of 1 indicates that the requested action is true. For example, the port is up.
A bit value of 0 indicates that the requested action is false. For example, the port is down.
Reading Data Using PortCmdTo understand how to read data using PortCmd, consider a ModBus Request to read multiple registers fromlocatoin 0x03FE.
0x04 0x03 0xFE 0x00 0x02
The response depends on how many parts are available on the device. For example, if the maximum number ofports on a connected RUGGEDCOM device is 20, the response would be similar to the following:
0x04 0x04 0xF2 0x76 0x00 0x05
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
Alarm 21
In this example, bytes 3 and 4 refer to register 1 at location 0x03FE, and represent the status of ports 1 – 16.Bytes 5 and 6 refer to register 2 at location 0x03FF, and represent the status of ports 17 – 32. The device onlyhas 20 ports, so byte 6 contains the status for ports 17 – 20 starting from right to left. The rest of the bites inregister 2 corresponding to the non-existing ports 21 – 31 are zero (0).
Performing Write Actions Using PortCmdTo understand how data is written using PortCmd, consider a Write Multiple Register request to clear Ethernetport statistics:
0x10 0x00 0x83 0x00 0x01 2 0x55 0x76 0x00 0x50
A bit value of 1 clears Ethernet statistics on the corresponding port. A bit value of 0 does not clear the Ethernetstatistics.
0x10 0x00 0x81 0x00 0x02
Section 1.6.3.6
AlarmThe Alarm format is another form of text description. Alarm text corresponds to the alarm description from thetable holding all of the alarms. Similar to the Text format, this format returns an ASCII representation of alarms.
NOTEAlarms are stacked in the device in the sequence of their occurence (i.e. Alarm 1, Alarm 2, Alarm 3,etc.).
The first eight alarms from the stack can be returned, if they exist. A zero (0) value is returned if an alarm doesnot exist.
Section 1.6.3.7
PSStatusCmdThe PSStatusCmd format describes a bit layout for providing the status of available power supplies. Bits 0-4 ofthe lower byte of the register are used for this purpose.
• Bits 0-1: Power Supply 1 Status
• Bits 2-3: Power Supply 2 Status
Other bits in the register do not provide any system status information.
Bit Value Description
01 Power Supply not present (01 = 1)
10 Power Supply is functional (10 = 2)
11 Power Supply is not functional (11 = 3)
The values used for power supply status are derived from the RUGGEDCOM-specific SNMP MIB.
Reading the Power Supply Status from a Device Using PSStatusCmdTo understand how to read the power supply status from a device using PSStatusCmd, consider a ModBusRequest to read multiple registers from location 0x0043.
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
22 TruthValues
0x04 0x00 0x43 0x00 0x01
The response may look like:
0x04 0x02 0x00 0x0A
The lower byte of the register displays the power supply's status. In this example, both power supplies in the unitare functional.
Section 1.6.3.8
TruthValuesThe Truthvalues format represents a true or false status in the device:
• 1 indicates the corresponding status for the device to be true
• 2 indicates the corresponding status for the device to be false
Reading the FailSafe Relay Status From a Device Using TruthValueTo understand how to use the TruthValue format to read the FailSafe Relay status from a device, consider aModBus request to read multiple registers from location 0x0044.
0x04 0x00 0x44 0x00 0x01
The response may look like:
0x04 0x02 0x00 0x01
The register's lower byte shows the FailSafe Relay status. In this example, the FailSafe Relay is energized.
Reading the ErrorAlarm Status From a Device Using TruthValueTo understand how to use the TruthValue format to read the ErrorAlarm status from a device, conside a ModBusrequest to read mulitple registers from location 0x0045.
0x04 0x00 0x45 0x00 0x01
The response may look like:
0x04 0x02 0x00 0x01
The register's lower byte shows the ErrorAlarm status. In this example, there is no active ERROR, ALERT orCRITICAL alarm in the device.
Section 1.7
Certificate and Key RequirementsUsers are able to load custom and unique SSL certificates and SSL/SSH keys in ROS or use the certificates andkeys provided by ROS.
There are three types of certificates and keys:
NOTEDefault and auto-generated SSH keys are not available for Non-Controlled (NC) versions of ROS.
• Default
-
RUGGEDCOM ROSUser Guide
Chapter 1Introduction
Certificate and Key Requirements 23
Each ROS device is shipped with an SSL certificate and RSA key pair, and a DSA key pair for SSH that areunique to software version. If a valid SSL certificate or SSL/SSH keys are not available on the device, thedefault certificate and keys are used immediately so that SSH and SSL (https) sessions can be served.
• Auto-GeneratedIf a default SSL certificate and SSL/SSH keys are in use, ROS immediately begins to generate a uniquecertificate and SSL/SSH keys for the device in the background. This process takes approximately 5 minutesto complete (depending on how busy the device is at the time) following the startup of the device. If a customcertificate and keys are loaded while auto-generated certificates and keys are being generated, the generatorwill abort and the custom certificate and keys and will be used.
• User-Generated (Recommended)Custom certificates and keys are the most secure option. They give the user complete control over certificateand key management, allow for certificates signed by a public or local certificate authority, controlleddistribution of public SSH keys to network hosts that need them, and more.
NOTEThe RSA key pair must be added to the ssl.crt file after the SSL certificate.
For SSL, ROS requires an X.509 certificate in standard PEM format and an RSA key pair. The certificate maybe self-signed or signed by a separate authoriy. The RSA key must be between 512 and 2048 bits in length. Thecertificate and keys must be combined in a single ssl.crt file and uploaded to the device.
The following is an example of a combined SSL certificate and key:
-----BEGIN CERTIFICATE-----MIIC9jCCAl+gAwIBAgIJAJh6rrehMt3iMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHQ29uY29yZDESMBAGA1UEChMJUnVnZ2VkY29tMRkwFwYDVQQLExBDdXN0b21lciBTdXBwb3J0MSYwJAYDVQQDEx1XUy1NSUxBTkdPVkFOLlJVR0dFRENPTS5MT0NBTDEkMCIGCSqGSIb3DQEJARYVc3VwcG9ydEBydWdnZWRjb20uY29tMB4XDTEyMTAyMzIxMTA1M1oXDTE3MTAyMjIxMTA1M1owgZwxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdDb25jb3JkMRIwEAYDVQQKEwlSdWdnZWRDb20xGTAXBgNVBAsTEEN1c3RvbWVyIFN1cHBvcnQxFDASBgNVBAMTCzE5Mi4xNjguMS4yMSQwIgYJKoZIhvcNAQkBFhVTdXBwb3J0QHJ1Z2dlZGNvbS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALfE4eh2aY+CE3W5a4Wz1Z1RGRP02COHt153wFFrU8/fFQXNhKlQirlAHbNTRSwcTR8ZFapivwYDivn0ogOGFXknYP90gv2oIaSVY08FqZkJW77g3kzkv/8Zrw3mW/cBsZJ8SyKLIDfy401HkHpDOle5NsQFSrziGUPjAOIvvx4rAgMBAAGjLDAqMAkGA1UdEwQCMAAwHQYDVR0OBBYEFER0utgQOifnrflnDtsqNcnvRB0XMA0GCSqGSIb3DQEBBQUAA4GBAHtBsNZuh8tB3kdqR7Pn+XidCsD70YnI7w0tiy9yiRRhARmVXH8h5Q1rOeHceri3JFFIOxIxQt4KgCUYJLu+c9Esk/nXQQar3zR7IQCt0qOABPkviiY8c3ibVbhJjLpR2vNW4xRAJ+HkNNtBOg1xUlp4vOmJ2syYZR+7XAy/OP/S-----END CERTIFICATE----------BEGIN RSA PRIVATE KEY-----MIICXAIBAAKBgQC3xOHodmmPghN1uWuFs9WdURkT9Ngjh7ded8BRa1PP3xUFzYSpUIq5QB2zU0UsHE0fGRWqYr8GA4r59KIDhhV5J2D/dIL9qCGklWNPBamZCVu+4N5M5L//Ga8N5lv3AbGSfEsiiyA38uNNR5B6QzpXuTbEBUq84hlD4wDiL78eKwIDAQABAoGBAI2CXHuHg23wuk9zAusoOhw0MN1/M1jYz0k9aajIvvdZT3Tyd29yCADy8GwAeUmoWXLS/C4CcBqPa9til8ei3rDn/w8dveVHsi9FXjtVSYqN+ilKw+moMAjZy4kN/kpdpHMohwv/909VWR1AZbr+YTxaG/++tKl5bqXnZl4wHF8xAkEA5vwut8USRg2/TndOt1e8ILEQNHvHQdQr2et/xNH4ZEo7mqot6skkCD1xmxA6XG64hR3BfxFSZcewWr4SOFGCtQJBAMurr5FYPJRFGzPM3HwcpAaaMIUtPwNyTtTjywlYcUI7iZVVfbdx4B7qOadPybTg7wqUrGVkPSzzQelz9YCSSV8CQFqpIsEYhbqfTLZEl83YjsuaE801xBivaWLIT0b2TvM2O7zSDOG5fv4I990v+mgrQRtmeXshVmEChtKnBcm7HH0CQE6B2WUfLArDMJ8hAoRczeU1nipXrIh5kWWCgQsTKmUrafdEQvdpT8ja5GpX2Rp98eaUNHfI0cP36JpCdome2eUCQDZN9OrTgPfeDIXzyOiUUwFlzS1idkUGL9nH86iuPnd7WVF3rV9Dse30sVEk63Yky8uKUy7yPUNWldG4U5vRKmY=-----END RSA PRIVATE KEY-----
-
Chapter 1Introduction
RUGGEDCOM ROSUser Guide
24 Certificate and Key Requirements
For SSH, ROS requires a DSA key pair in PEM format. The DSA key must be between 512 and 2048 bits inlength for Controlled versions. The key file is uploaded to the ssh.keys flash file on the device.
The following is an example of a PEM formatted SSH key:
-----BEGIN DSA PRIVATE KEY-----MIIBuwIBAAKBgQD0gcGbXx/rrEMu2913UW4cYo1OlcbnuUz7OZyd2mBLDx/GYbD8X5TnRcMraJ0RuuGK+chqQJW5k3zQmZa/BS6q9U7wYwIAx8JSxxpwfPfl/t09VwKGrtSJIMpLRoDq3qEwEVyR4kDUo4LFQDsljtiyhcz1n6kd6gqsd5Xu1vdh4wIVANXbSBi97GmZ6/9f4UCvIIBtXLEjAoGAAfmhkcCCEnRJitUTiCE+MurxdFUr3mFs/d314cUDaLStQEhYYmx5dbFdQuapl4Y32B7lZQkohi5q1T1iUAa40/nUnJx1hFvblkYT8DLwxcuDAaiu0VqsaPtJ+baL2dYNp96tFisj/475PEEWBGbP6GSe5kKa1Zdgwuie9LyPb+ACgYBv856v5tb9UVG5+tX5Crfv/Nd8FFlSSFKmVWW3yzguhHajg2LQg8UUsm1/zPSwYQ0SbQ9aOAJnpLc2HUkK0lji/0oKVI7y9MMc4B+bGu4W4OnryP7oFpnpYYHt5PJY+zvLw/Wa+u3NOVFHkF1tGyfVBMXeV36nowPo+wrVMolAEgIVALLTnfpWmaV6uh6RxeE1d4XoxSg2-----END DSA PRIVATE KEY-----
For more information about encryption key management, refer to Section 1.2, “Security Recommendations andConsiderations”.
-
RUGGEDCOM ROSUser Guide
Chapter 2Using ROS
Connecting to ROS 25
Using ROSThis chapter describes how to use the ROS interface. It describes the following tasks:
• Section 2.1, “Connecting to ROS”
• Section 2.2, “Logging In”
• Section 2.3, “Logging Out”
• Section 2.4, “Using the Web Interface”
• Section 2.5, “Using the Console Interface”
• Section 2.6, “Using the Command Line Interface”
• Section 2.7, “Selecting Ports in ROS”
• Section 2.8, “Managing the Flash File System”
Section 2.1
Connecting to ROSThe following describes the various methods for connecting the device:
• Section 2.1.1, “Connecting Directly”
• Section 2.1.2, “Connecting via the Network”
Section 2.1.1
Connecting DirectlyROS can be accessed through a direct serial console or Ethernet connection for management andtroubleshooting purposes. A console connection provides access to the console interface and CLI.
To establish a serial connection to the device, do the following:
1. Connect a workstation (either a terminal or computer running terminal emulation software) to the RS232serial console port on the device. For more information about the RS232 serial console port, refer to theRP110 Installation Guide.
NOTEThe baud rate for the device is printed on the chassis exterior near the RS232 serial console port.
2. Configure the workstation as follows:
• Speed (baud): 57600
• Data Bits: 8
• Parity: None
• Flow Control: Off
-
Chapter 2Using ROS
RUGGEDCOM ROSUser Guide
26 Connecting via the Network
• Terminal ID: VT100
• Stop Bit: 1
3. Connect to the device. Once the connection is established, the login form appears. For more informationabout logging in to the device, refer to Section 2.2, “Logging In”.
Section 2.1.2
Connecting via the NetworkROS can be accessed over the network either through a Web browser, terminal or a workstation running terminalemulation software.
Using a Web BrowserWeb browsers provide a secure connection to the Web interface for ROS using the SSL (Secure Socket Layer)communication method. SSL encrypts traffic exchanged with its clients.
The ROS Web server guarantees that all communications with the client are private. If a client requests accessthrough an insecure HTTP port, the client is automatically rerouted to the secure port. Access to the Web serverthrough SSL will only be granted to clients that provide a valid user name and password.
To establish a connection through a Web browser, do the following:
1. On the workstation being used to access the device, configure an Ethernet port to use an IP address fallingwithin the subnet of the device. The default IP address is 192.168.0.1/24.
For example, to configure the device to connect to one of the available Ethernet ports, assign an IP addressto the Ethernet port on the workstation in the range of 192.168.0.3 to 192.168.0.254.
2. Open a Web browser. For a list of recommended Web browsers, refer to the section called “SystemRequirements”.
IMPORTANT!Upon connecting to the device, some Web browsers may report the Web server's certificatecannot be verified against any known certificates. This is expected behavior, and it is safe toinstruct the browser to accept the certificate. Once the certificate is accepted, all communicationswith the Web server through that browser will be secure.
3. In the address bar, type the IP address for the port that is connected to the network. For example, to accessthe device using its factory default IP address, type https://192.168.0.1 and press Enter. Once theconnection is established, the login screen for the Web interface appears.
For more information about logging in to the device, refer to Section 2.2, “Logging In”. For more informationabout the Web interface, refer to Section 2.4, “Usin